What is network security?
Network security consists of the policies, procedures, programs, hardware, software, and people you use to protect your corporate network. Network security is intended to prevent unauthorized access or inadvertent exposure of protected and sensitive information like payment card data, protected health information (PHI), corporate financials, or intellectual property.
There are many steps, processes, layers, people, and technologies associated with network security. Organizations need network security tools: applications like internal/external scanning, firewalls, and log monitoring, to protect their network, detect vulnerabilities, and react to threats. They may also need to consult network data security experts to make sure they're not missing vulnerabilities or security gaps. And no security plan is complete without proper training of all stakeholders.
What are the foundations of network security?
Network security begins with usernames and passwords. This is where multi-factor authentication comes in. Security standards like the PCI DSS and NIST no longer consider single-factor authentication (i.e., a password) secure. It's far too easy to retrieve or crack passwords these days.
Firewalls control traffic into and out of the network. For users, this translates to which websites and applications they can access. Organizations should properly configure firewalls according to their environment.
- Antivirus, Intrusion Detection, and Intrusion Management Systems
Firewalls may not be able to catch everything, especially viruses and worms, so antivirus, intrusion detection (IDS), and intrusion management (SIEM) systems can help detect and stop malware.
Organizations sometimes encrypt communications within a network to further secure data.
- Employees: Awareness about and training on information security is crucial to maintaining a secure network.
- Personnel must be trained for proper implementation and maintenance of network security, including making sure all security patches and hotfixes are up to date.
- Dedicated staff must be assigned to monitor and act on security alerts.
Managing network security at franchises and large corporations
The five areas represent some of the foundational principles of network security. However, large corporate networks and structures can enforce and manage network security in a variety of ways. Since they typically need more network security than a basic home office or small business, they usually have more resources, time, and even entire positions and departments dedicated to the matter.
In addition to the five areas listed above, large organizations will likely need to utilize some or all of the following security services to increase network security:
Vulnerability scanning: Vulnerability scanning identifies big risks such as misconfigured firewalls, malware hazards, remote access vulnerabilities, and can be used for cyber security or compliance mandates like PCI DSS and HIPAA.
Penetration testing (also known as “ethical hacking”): Penetration testing is a service that involves a professional penetration tester uncovering network security weaknesses at their root.
On-site audits: Depending on whether you are working towards security mandate compliance (PCI, GDPR, HIPAA), you may need to schedule an onsite audit for your organization.
Remediation: Do you have the personnel at your organizations to remediate a vulnerability? Or will you need a third party’s help? Do you have an IT team that can open and close ports on your network? Does someone check for and regularly install patches?
The "gray area network"
Large businesses and franchises often have one central headquarters and many smaller remote or satellite locations. Some may even include telecommuting employees. While security efforts tend to focus on headquarters, remote locations can be just as critical for your network security.
At SecurityMetrics, we've seen entire headquarters' operations "held ransom" by malware that was initially downloaded onto the network through a remote franchise location. Situations like this are due in part to the "gray area" that tends to surround remote locations, where "who's responsible" for security can get fuzzy. Is the headquarters responsible for data security and compliance? Or is it the franchise? What about employees working from home? How trustworthy is their home network?
The forensics team here at SecurityMetrics recently investigated a case where a corporate network was breached due to a poorly configured home router. The employee would often work from home, connecting through a VPN into the corporate network. Attackers were able to defeat the employee’s home router and take stealth control of his remote machine. Once a VPN connection was made, the attackers were able to piggy back into the corporate network with devastating consequences.
So who was responsible? The employee or the corporation? The company did not own the employee’s network, yet that network presented a very real vulnerability. Risks increase significantly when little to no visibility into these gray area networks is available. Remote network owners frequently hesitant to provide visibility into their own networks, typically citing privacy concerns, yet when remote connections are allowed into your network, you automatically assume some responsibility for any threats that network may pose whether you wish to or not.
What can be done to help mitigate the risks gray area networks present to your network while privacy and control are still retained by the respective network owners?
Protecting Networks from Attacks
Working backwards from large corporate data breaches, we've been able to pinpoint some of the most common attack vectors used in network breaches:
- Phishing emails
- Social engineering
- Gray area network attacks from franchise, employee, or 3rd-parties making remote connections.
- Less secure networks with intermittent access into more secure networks.
If you are a large franchise or corporate entity with many remote locations, it's crucial to find a network security company that can provide a level of visibility into your gray area networks to monitor for threats, vulnerabilities and malicious activity while also providing assurance to network owners that they are still in control of their own networks and privacy.
Prior to becoming a Forensic Analyst for SecurityMetrics, Aaron Willis had over 15 years of diverse experience in all aspects of IT security, business intelligence, data mining, SaaS consulting, and programming. In addition to being the VP of Technology and Information Systems at ScrapeGoat, Inc, Willis taught Information Systems as a professor at Utah Valley University. Willis holds a Bachelor’s in Computer Science from Utah Valley University and is currently working on a Masters in Digital Forensics. His certifications include: CISSP (Certified Information Systems Security Professional), QSA (Qualified Security Assessor) and PFI (PCI Forensic Investigator).